# Coding Standards

These are the opinionated code security and quality standards we use internally at Distrust, and that we expect from all contractors and vendors.

## General Guidelines

## First Party Code

TBD

## Third Party Code

Use the following rationale as a guideline for deciding when and how to use third party dependencies:

```mermaid
flowchart TD
    A[Can it be done with the standard library in under ~10k easily readable lines?]
    A --> D{No} --> E
    A --> B{Yes} --> C
    E[Can it be done with a library used in the official interpreter or compiler?]
    E --> F{Yes} --> X
    E --> G{No} --> I
    I[Does a widely used, well vetted, well reviewed, and well maintained library exist?]
    I --> J{Yes} --> X
    I --> K{No} --> L
    L[Is this a cryptography or security sensitive use case?]
    L --> M{No} --> O
    L --> N{Yes} --> P[Review it yourself and pay for a reputable external security audit] --> X
    O[Does -any- suitable library exist that is small enough for you to review yourself?]
    O --> Q{No} --> C
    O --> R{Yes} --> S[Review it yourself and have a peer review it] --> X
    C[Write it yourself]
    X[Document the rationale and use the library at a specific version we have reason to trust]
```

## Language Guidelines

### Rust

TBD